Users on China's dark web trade hacking tips and other information that help drive a rising tide of data theft and other cybercrime, Tokyo-based research experts said.
"Look for people who can hack into Korean or Japanese websites. If you don't have the skills or experience, no need to reply," said a post on a Chinese darknet. The request was discovered by South Korean information security service provider CNsecurity on Jan. 25.
The post targeted job search and recruitment sites, including those run by Tokyo-based companies Mynavi and Recruit, as well as a Japanese network of public employment services called Hello Work, CNsecurity reported.
China's Internet is different in many ways, in part because authorities have tried to keep foreign information and platforms out. This has spawned a professional cyber ecosystem that is host to hackers.
According to SouthPlume, CNsecurity's Japanese agency, China's dark web is unique in two ways. First, Chinese hackers communicate with each other through local social media, which creates the equivalent of a membership organization, unlike the typical dark web, whose sites can only be accessed through anonymous browsers such as Tor.
China's dark web also lacks the typical listings for underground transactions such as drugs, weapons or child pornography. According to SouthPlume, they mainly spread tips on dumping personal information and hacking company websites.
Mynavi reported in February that more than 210,000 resumes were logged on its site without authorization between Jan. 17 and Feb. 9, although the company said it had not confirmed that Chinese hackers were responsible.
Credit card fraud in Japan has increased since about 2017. This coincides with a surge in Chinese tourists visiting Japan, although any link between these trends remains difficult to prove.
Sompo Risk Management, a subsidiary of Japanese insurance group Sompo Holdings, reported a July 2020 posting in which a person claiming to be the head of the data analytics department of a Chinese listed company tried to trade leaked data.
Information on the dark web is constantly changing, making it difficult to combat data breaches after the fact.
"The only way risk-aware companies can combat this problem is if each of them takes some sort of precaution" said Toru Atsumi, a senior researcher in Sompo Risk Management's cybersecurity division.